The officially official Devuan Forum!

You are not logged in.

#1 2021-07-05 13:14:19

beate
Member
Registered: 2019-03-25
Posts: 26  

Audacity and Musescore Spyware problem

I just read about a new issue on Audacity and Musescore containing spyware. It looks as if it would be time to supply forks of the packages. I just read about tthat one: https://github.com/cookiengineer/audacity

And for the time being devuan should IMHO be restricted to the latest version of audacity prior to the introduction of spyware elements. Which does not seem much of an issue to me as even old versions of audacity are functional and rock solid.

What do You think?

Offline

#2 2021-07-05 13:45:57

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Audacity and Musescore Spyware problem

Ive been reading about this over at reddit.

I read you could sandbox it and disallow network activity with firejail. Which i believe may stop any telemetry?

firejail --net=none audacity

I dont even think that needs doing as a start up command as firejail has a profile for audacity with the package firejail-profiles with the setting net none

Im devuan testing at the moment but here is the profile.

# Firejail profile for audacity
# Description: Fast, cross-platform audio editor
# This file is overwritten after every install/update
# Persistent local customizations
include audacity.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.audacity-data
noblacklist ${DOCUMENTS}
noblacklist ${MUSIC}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc

include whitelist-var-common.inc

apparmor
caps.drop all
net none
no3d
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix
seccomp
shell none
tracelog

private-bin audacity
private-dev
private-tmp

# problems on Fedora 27
# dbus-user none
# dbus-system none

Offline

#3 2021-07-05 16:47:33

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Audacity and Musescore Spyware problem

The telemetry was only added for v3 so the Devuan packages are not affected and if Debian bump the version they will almost certainly patch it out.


Brianna Ghey — Rest In Power

Offline

#4 2021-07-06 01:04:55

beate
Member
Registered: 2019-03-25
Posts: 26  

Re: Audacity and Musescore Spyware problem

I'm aware that this will affect version 3 and not the current one. Nevertheless i set audacity on hold on 4 machines (all running chimaera).

Firejail and the like is nothing for unexperienced users - simply because they do not know or will not dare to use it.

But anyway: the other affected software is musescore. Chimaera provides Musescore 2 and 3, the first due to problems regarding backward compatibility.

I would guess that version 2 is probably "clean" but version 3 ? Or will the new policie affect only recent versions? BTW: the recent android versions of musescore have already been changed - a friend of mine told me that it was unclear wether she could use it free of charge.

IMO version 2 should be prevailed as long as possible. Regardles how long it'll be maintained by Debian.

Offline

#5 2021-07-06 07:39:08

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Audacity and Musescore Spyware problem

Have some faith in the developers, they won't let telemetry in the official repositories.

beate wrote:

version 2 should be prevailed as long as possible

Devuan chimaera is based on Debian bullseye and that is currently frozen so the package versions won't ever change for that branch, only bug & security fixes from now on.


Brianna Ghey — Rest In Power

Offline

#6 2021-07-06 11:29:07

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Audacity and Musescore Spyware problem

Head_on_a_Stick wrote:

Have some faith in the developers, they won't let telemetry in the official repositories.

I had not thought of it like that, Firefox for one stands out i believe, but most likely a different scenario due to being a browser, i dont know just asking?

https://wiki.debian.org/Firefox

Last edited by dice (2021-07-06 11:31:26)

Offline

#7 2021-07-06 22:57:15

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Audacity and Musescore Spyware problem

Audacity is being forked, I believe, so no worries.

That all being said, I heard about this problem, and I think debian should abandon current audacity in favor of a fork.


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#8 2021-07-07 10:30:54

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Audacity and Musescore Spyware problem

Okay folks here's some rumour control:

https://github.com/audacity/audacity/pull/835 ← pull request that caused the issue

https://github.com/audacity/audacity/discussions/889 ← official response

Important points:

  • the telemetry was always optional and disabled by default, it would never have made it into any packages[0]

  • the telemetry has already been removed upstream along with some analytics for the big G

So no need for any fork at all really.

dice wrote:

Firefox for one stands out i believe

Several telemetry features are disabled via /usr/lib/firefox-esr/browser/defaults/preferences/firefox.js, with some patching to support this.

[0] Except perhaps for those poor fools trusting "universal" packaging "solutions" like snap & flatpak.

Last edited by Head_on_a_Stick (2021-07-07 10:35:19)


Brianna Ghey — Rest In Power

Offline

#9 2021-07-07 15:10:01

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Audacity and Musescore Spyware problem

seems like they had to still negotiate away from musescores google and yandex affiliation though. Had it flown under they radar would they have bothered? Seems like they want to go proprietary in the longer term.

Last edited by dice (2021-07-07 15:13:18)

Offline

#10 2021-07-07 15:27:54

brocashelm
Member
Registered: 2020-06-29
Posts: 114  

Re: Audacity and Musescore Spyware problem

Audacity has been officially forked. Its new name is Sneedacity (DEB builds here). big_smile

I'm also laughing my ass off at that "Cookie Engineer" kook crying over a poll (because of the name being picked). Clown World at it again. lol

Last edited by brocashelm (2021-07-07 15:33:16)

Offline

#11 2021-07-08 04:20:52

steve_v
Member
Registered: 2018-01-11
Posts: 381  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

Audacity has been officially forked. Its new name is Sneedacity

Personally I suggest waiting until the 4chan-powered clown-car pulls all the way out of the station before labelling anything "official".
While I do find both the name and the ongoing flamewar(s) somewhat amusing, right now picking out the competent developers from the trolls and small children is an exercise in futility. Time alone will tell which fork is in it for the long-game.

brocashelm wrote:

I'm also laughing my ass off at that "Cookie Engineer" kook crying over a poll

Arguing over a name is indeed funny, the doxxing and real-world harassment it lead to is not.

Last edited by steve_v (2021-07-08 04:32:29)


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Offline

#12 2021-07-08 15:02:41

brocashelm
Member
Registered: 2020-06-29
Posts: 114  

Re: Audacity and Musescore Spyware problem

steve_v wrote:

Personally I suggest waiting until the 4chan-powered clown-car pulls all the way out of the station before labelling anything "official".
While I do find both the name and the ongoing flamewar(s) somewhat amusing, right now picking out the competent developers from the trolls and small children is an exercise in futility. Time alone will tell which fork is in it for the long-game.

Nah, I think it's off to a solid start. Forks usually take a while to get the hang of, having just been launched. Also, they have an IRC channel that's gaining traction.

steve_v wrote:

Arguing over a name is indeed funny, the doxxing and real-world harassment it lead to is not.

Neither actually happened. I looked into the archives and screenshots myself, and he's clearly getting off on the attention he's been receiving. He's being put on blast for his shady online comments (along with writing slurs himself). His faux victimhood ironically makes him more likely to do the creepy stalking than a typical anon. 4chan's only mistake is giving him said attention. He'd be just another lonely GitHub maintainer without their "harassment".

Offline

#13 2021-07-08 19:17:47

mstrohm
Member
Registered: 2020-02-09
Posts: 37  

Re: Audacity and Musescore Spyware problem

I consider tenacity (https://github.com/tenacityteam/tenacity) the real fork. First of all, the issues of the sneedacity "project" make it look like a bad parody of a software project:

https://github.com/Sneeds-Feed-and-Seed … ity/issues

Most important, there is the report of attempted murder of the main tenacity maintainer. Read more here: https://github.com/tenacityteam/tenacity/issues/99

If the people from 4chan behind the sneedacity project (see its README.md) really see murder as a legitimate way to solve problems, then the sneedacity project should be removed.

Last edited by mstrohm (2021-07-08 22:25:10)

Offline

#14 2021-07-09 09:41:18

steve_v
Member
Registered: 2018-01-11
Posts: 381  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

I think it's off to a solid start. Forks usually take a while to get the hang of, having just been launched.

Well, you do you and all that. I'll take sneedacity seriously when the volume of functional, constructive commits exceeds that of asinine juvenile memeing, "easter eggs", and changing the names of anything and everything to be as offensive as possible.
That kind of behaviour might fly on the 'chans, but it's a lousy way to run a software project.

brocashelm wrote:

Also, they have an IRC channel that's gaining traction.

...which is, unsurprisingly, full of the same.

mstrohm wrote:

I consider tenacity (https://github.com/tenacityteam/tenacity) the real fork.

Tenacity does indeed look more like a software project and less like a frat-party, but then activity on any of the forks is still largely just buggering about with documentation and naming.
Dealing with the trademark issues is a necessary evil, but it gives few real clues as to the committent, ability, or intent of the contributors. Any fool can shove a bunch of docs through sed.

Frankly I'm still waiting for the other shoe to drop, ya' know, the one that contains some technical merit. The politics and bickering is just a sideshow.
Right now what we have is several largely-unaltered copies of the original codebase, with varying levels of "hey look, I changed one line in README.md" contribution.

I'm sure one or other of the squabbling tribes will pull together (or even in vaguely the same direction) sooner or later, but as it stands the difference between sneedacity/tenacity/audacium/etc. etc. and me just pulling the audacity gpl code and patching out the the corporate insanity myself is effectively nil.


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Offline

#15 2021-07-09 17:01:30

brocashelm
Member
Registered: 2020-06-29
Posts: 114  

Re: Audacity and Musescore Spyware problem

steve_v wrote:

Well, you do you and all that. I'll take sneedacity seriously when the volume of functional, constructive commits exceeds that of asinine juvenile memeing, "easter eggs", and changing the names of anything and everything to be as offensive as possible.
That kind of behaviour might fly on the 'chans, but it's a lousy way to run a software project.

It now has XDG support, which is essential from a technical point of view. I don't have a problem with people on the Internet having a sense of humor while making a robust piece of software to go along with it. Better than being plain and boring, which is unfortunately the issue with a lot of open-source software these days.

Offline

#16 2021-07-09 18:27:54

mstrohm
Member
Registered: 2020-02-09
Posts: 37  

Re: Audacity and Musescore Spyware problem

I don't have a problem with people on the Internet having a sense of humor while making a robust piece of software to go along with it.

Me neither, as long as nobody is harmed. The sneedacity project definetly crossed a line. Feel free to take a look at the 4chan part of the sneedacity community (sneedacity Readme.md, section "getting started", the link with "developer information"). You will find a lot of disgusting comments about the former tenacity maintainer.

Offline

#17 2021-07-09 18:45:10

steve_v
Member
Registered: 2018-01-11
Posts: 381  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

It now has XDG support, which is essential from a technical point of view.

That's a nice start, but I'd hardly call it essential. Low-hanging fruit is what it is. (TBF that's more a dig at the audacity team for not dealing with it sooner).
Still, progress is progress, and progress is good. Shame it got buried under a torrent of noise and tired simpsons references, otherwise I might have noticed it sooner.


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Offline

#18 2021-07-14 02:19:01

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

Audacity has been officially forked. Its new name is Sneedacity (DEB builds here). big_smile

I'm also laughing my ass off at that "Cookie Engineer" kook crying over a poll (because of the name being picked). Clown World at it again. lol

If your laughing at it, its because you are antisocial probably... or you don't know the news of sneedacity and their 4chan bs trying to intimidate cookie engineer.

Besides, you do realize that the trolls at sneedacity threatened cookie engineer and his family right?

...

Yeah... I would stop for that reason above alone.

EDIT: After seeing the commens you just posted, I realize I might have been right the first time.

...

Last edited by zapper (2021-07-14 02:22:09)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#19 2021-07-14 03:01:48

brocashelm
Member
Registered: 2020-06-29
Posts: 114  

Re: Audacity and Musescore Spyware problem

zapper wrote:

If your laughing at it, its because you are antisocial probably... or you don't know the news of sneedacity and their 4chan bs trying to intimidate cookie engineer.

Yup, and I'm laughing at it more and more with each passing day. I only feel sorry for the gullible fools who buy into outright lies and deception.

zapper wrote:

Besides, you do realize that the trolls at sneedacity threatened cookie engineer and his family right?

There is no evidence of this, as I said already. Do you know what schizophrenia is? He could also be staging all this "drama" all along. Anyone can write numbers on sticky notes and make a house look like there was a murder. I've seen this time and time again on the Internet. Nothing changes.

zapper wrote:

Yeah... I would stop for that reason above alone.

Feel free to. As for myself, I'll keep calling a spade a spade. Sneedacity has barely been around for two weeks and is already proving to be the best thing since sliced bread. Even the Audacium developers admitted in an IRC conversation to borrowing code from Sneedacity for a commit. If Sneedacity wasn't a serious project, then why even acknowledge their existence? That's how I know Sneedacity is the true winner. Give it up.

zapper wrote:

EDIT: After seeing the commens you just posted, I realize I might have been right the first time.

Well, with a signature like that, I'm surprised you don't spend more time on the Antix forums. That's more your crowd, I reckon. Devuan has no politics (left or right).

Offline

#20 2021-07-16 03:12:09

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:
zapper wrote:

If your laughing at it, its because you are antisocial probably... or you don't know the news of sneedacity and their 4chan bs trying to intimidate cookie engineer.

Yup, and I'm laughing at it more and more with each passing day. I only feel sorry for the gullible fools who buy into outright lies and deception.

zapper wrote:

Besides, you do realize that the trolls at sneedacity threatened cookie engineer and his family right?

There is no evidence of this, as I said already. Do you know what schizophrenia is? He could also be staging all this "drama" all along. Anyone can write numbers on sticky notes and make a house look like there was a murder. I've seen this time and time again on the Internet. Nothing changes.

zapper wrote:

Yeah... I would stop for that reason above alone.

Feel free to. As for myself, I'll keep calling a spade a spade. Sneedacity has barely been around for two weeks and is already proving to be the best thing since sliced bread. Even the Audacium developers admitted in an IRC conversation to borrowing code from Sneedacity for a commit. If Sneedacity wasn't a serious project, then why even acknowledge their existence? That's how I know Sneedacity is the true winner. Give it up.

zapper wrote:

EDIT: After seeing the commens you just posted, I realize I might have been right the first time.

Well, with a signature like that, I'm surprised you don't spend more time on the Antix forums. That's more your crowd, I reckon. Devuan has no politics (left or right).

You really shouldn't assume wrongdoing on the victims part without actual evidence...  which most users here seem to think is against him. 

I really hope I am wrong about you, but usually I see this from far right fringe people, this level of perceived sociopathic behavior. 

I hope I am misunderstanding who you are, that being said... you look very suspiciously maligant.  I am going to hope I am wrong though...

As for Antix... I don't know much about AntiX or their forums.

That all being said,  please don't assume anything about him without knowing the whole story. Perhaps I don't know the whole story, but 4chan has been part of a lot of harrassment type situations, so try not to assume people are making a scene as your first go to belief when it involves 4chan on the other end.

Last thought though will be this:

Please open your eyes, lest you lose your way any furher.

Such arrogance is dangerous...

I'll save you a trip down my memory lane and say,  less than a year ago, I discovered my pride problem... I am working on it more than I ever have before...  Be careful, lest, pride sneak up on you too...

Also, no one likes a boastful fool.  I am sure you are better than that.  Given all people are created by the Lord.

Pride is a form of boastfulness btw...

Confidence = Good
Pride = overconfidence thus bad...

Anyways, hope you find peace from the same pride I have been fighting for a long time.

Last edited by zapper (2021-07-16 03:12:47)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#21 2021-07-16 06:52:00

steve_v
Member
Registered: 2018-01-11
Posts: 381  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

Do you know what schizophrenia is?

Implying somebody you clearly don't know has a mental illness is... Kinda gross dude.
Please don't make claims like that unless you have some real evidence to back them up. Not only are such accusations irrelevant and useless, they're also exactly the kind of obnoxious comment commonly associated basement-dwelling sociopaths and alt-right wackos. We wouldn't want to think you're one of those, now would we?

Other than that, yeah. None of us have any real evidence either way...
So we should probably all shut up about it now lest we look like fools, no?

brocashelm wrote:

Even the Audacium developers admitted in an IRC conversation to borrowing code from Sneedacity for a commit.

Sure, that's how FOSS development is supposed to work. Projects nick code from each other all the time, and it's never implied that one or other was the "winner" before. When people share code everybody wins.

zapper wrote:

Given all people are created by the Lord.

I was with you right up until that little gem.
When questioning the beliefs and assumptions of others here, you might want to think twice about presenting your own beliefs and assumptions as fact. Just a suggestion.

The only "given" here so far is that audacity was forked, and several of those forks are now making progress. Everything else is noise or politics, and AFAICT there have been no code commits from deities at all.

All in all, if this thread is going to be nothing but mudslinging and petty tribalism (with a side of preaching), perhaps it's time it was closed?

Last edited by steve_v (2021-07-16 06:59:07)


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Offline

#22 2021-07-16 14:30:49

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Audacity and Musescore Spyware problem

Steve, my bad lol, I was bit too over the top yesterday, I am sure. 

That being said, I agree it should be closed too.

Also, sometimes I try to help people who don't want help...

hmm

Anyways, last time I will reply here, its going nowhere good anyways.

Last edited by zapper (2021-07-16 14:32:20)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#23 2021-07-16 14:34:59

brocashelm
Member
Registered: 2020-06-29
Posts: 114  

Re: Audacity and Musescore Spyware problem

I had a full response typed up, but erased it at the last minute because I'd be wasting my time.

Moderators, feel free to delete all the posts I've made including the replies to them. I will be stepping out gracefully from this forum. Cheers.

Last edited by brocashelm (2021-07-16 15:01:07)

Offline

#24 2021-07-16 14:44:47

zapper
Member
Registered: 2017-05-29
Posts: 967  

Re: Audacity and Musescore Spyware problem

brocashelm wrote:

Moderators, feel free to delete all the posts I've made including the replies to them. I will be stepping out gracefully from this forum. Cheers.

I wasn't going to respond, to this thread again, but you don't have to quit the forums. 

I mean... just relax, I was only trying to help you.

That being said, if you want to leave, that is your call. 

Peace man... hope things go better for you in the future regardless, no hard feelings.


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#25 2021-07-16 16:05:03

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: Audacity and Musescore Spyware problem

OK everybody . . . please just take a deep breath . . .

Offline

Board footer